To set up a private PGP/GPG keyserver on Debian, install the sks Debian package:
apt-get install sks
Stop the sks daemon, just to be sure:
service sks stop
Unfortunately, the keyserver's internal database isn't set up automatically, so we have to trigger that manually. Note that although the sks command should not be executed as root, it is located in /usr/sbin instead of /usr/bin. This is a bit confusing, but switching to the debian-sks user does the trick:
su debian-sks -c '/usr/sbin/sks build'
Since this is meant to be a private keyserver, we don't want to communicate with other keyservers, so we have to disable all communication channels (email and gossip protocol):
echo '# Empty - Do not communicate with other keyservers.' >/etc/sks/mailsync echo '# Empty - Do not communicate with other keyservers.' >/etc/sks/membership
Then, we have to enable the service:
echo 'initstart=yes' >/etc/default/sks
And we provide simple configuration options:
cat >/etc/sks/sksconf <<'EOF' pagesize: 16 ptree_pagesize: 16 EOF
Finally, we start the service:
service sks start
Check that the keyserver is up and running by visiting its HTTP interface (replace example.com with the site's domain name or IP address):
http://example.com:11371/
You can also upload and download a GPG key (replace example.com as before, and also replace 1234ABCD with an existing key ID):
gpg --send-key --keyserver example.com 1234ABCD gpg --recv-key --keyserver example.com 1234ABCD
In case we need a fresh start from a clean database, we have to stop the service, remove the database, rebuild it, and start the service again:
service sks stop rm -fr /var/lib/sks/DB /var/lib/sks/PTree su - debian-sks -c '/usr/sbin/sks build' service sks start